Kotti 0.10b1

A user-friendly, light-weight and extensible web content management
system, based on Pyramid and SQLAlchemy.

Kotti is most useful when you are developing applications that

have complex security requirements,

use workflows, and/or

work with hierarchical data.

Built on top of a number of best-of-breed software components, most
notably Pyramid and SQLAlchemy, Kotti introduces only a few concepts
of its own, thus hopefully keeping the learning curve flat for the
developer.

Change History

0.10b1 - 2014-07-11

0.10a4 - 2014-06-19

0.10a3 - 2014-06-11

Upgrade SQLAlchemy and alembic dependencies from 0.8.2 and 0.5.0 to
0.9.4 and 0.6.5 respectively.

Do not flush within Node.path event handlers. We would
otherwise trigger object handlers with funny object states.

Fix bug with Node.path where we attach a Node instance to a
parent that has been loaded from the database, but its parents have
not been loaded yet.

Fix deprecation warnings with regard to Pyramid’s
custom_view_predicates and set_request_property. Also
deprecate kotti.views.util.is_root.

0.10a2 - 2014-06-05

Add Node.path column. This allows queries based on path, so
it’s much easier just to find all children, grandchildren etc. of a
given node:

DBSession.query(Node).filter(Node.path.startswith(mynode.path))

Migrations

Upgrading from 0.9.2 to 0.10 requires you to run a migration script
on your database. To run the migration, call:

$ bin/kotti-migrate <myconfig.ini> upgrade

Make sure you backup your database before running the migration!

0.10a1 - 2014-05-19

Kotti is now based on Bootstrap 3 (and therefore Deform 2).

THIS IS A BACKWARD INCOMPATIBLE CHANGE W.R.T. MOST TEMPLATES,
INCLUDING FORM TEMPLATES! IF YOUR PROJECT EITHER HAS TEMPLATE
CUSTOMIZATIONS OR DEPENDS ON ADD-ONS THINGS WILL LOOK BROKEN!

If you only use Kotti’s default UI, chances are good that your
application will continue to work well unchanged. Kotti’s API is
mostly unchanged and fully backward compatible though.

Rework implementation of ‘kotti.util.Link’ (‘ViewLink’) to be more
flexible.

There’s now proper support for nesting ‘edit_links’, so that the
special ‘action_links’ list is no longer necessary. Links now also
make better use of templates for rendering, and are probably easier
to customize overall.

Added compatiblity for and now require Pyramid>=1.5. #273

In tests, turned settings and setup_app into fixtures to ease
overriding.

Add kotti_context_url JS global variable. For more details on why this
is needed see:

Adds delete permission needed for ‘delete’ and ‘delete_nodes’
views. The default workflow was updated in consequence. It allows to
elaborate more fine grained workflows : for instance, create a role
which can edit a content but not delete it.

To make existent Kotti’s instances using default workflow
compatibles and avoid users that have ‘editor’ role (and so far,
whom have the possibility to edit and delete the content) to not be
able to delete contents, it’s needed to reset workflow with
“kotti-reset-workflow <application ini file>” command.

Fix #308: Unique name constraint issue during paste of a cut node.

0.9.2 - 2013-10-15

Fix #268: Convert None to colander.null in get_appstruct so that
serialization doesn’t fail (needed due to recent changes in colander).

0.9.1 - 2013-09-25

Allow user admins to modify user passwords.

Require newer kotti_tinymce (source code editing was broken in 0.4).

0.9 - 2013-09-17

Add multi file content upload. You can now select several files from your
local storage that you want to upload and chose what content nodes shall be
created in your Kotti site. Currently files with MIME types of image/*
can be uploaded and be created as either Image or File nodes, all
other MIME types will be created as File. In future releases (or add-on
products) this can be extended with additional converters allowing for example
to upload HTML files and create Document nodes with the content of the
title tag becoming the node’s title, the content of the body tag
becoming the node’s body and so on.

Fix #253: Many translations weren’t included in the last release.

‘–use-fuzzy’ translations when running ‘compile_catalog’ adds back
translations that were recently marked as fuzzy. (All translations
that were marked as fuzzy in German were still accurate.)

0.9b2 - 2013-08-20

0.9b1 - 2013-06-26

Add kotti.util.ViewLink.visible method for better control over
whether a view link should be visible or not. This allows us to
move formerly hardcoded action links defined in
kotti.views.edit.actions into TypeInfo.action_links and thus
make them configurable either globally or per content type.

kotti.security.view_permitted will now check for
pyramid.security.view_execution_permitted with a request method
set to ‘GET’ by default. It used to check for a view that matches
the current request’s method.

This fixes an issue where kotti.util.ViewLink.permitted would by
mistake check for a ‘POST’ view when the current request was ‘POST’.

Add INavigationRoot interface and TemplateAPI.navigation_root
property. The latter returns the first content node in the lineage that
implements INavigationRoot or the root node if INavigationRoot is not
implemented by any node in the lineage. Make the nav.pt template use
api.navigation_root instead of api.root. This allows third party
add-ons to define content types that can reside somewhere in the content tree
while still being the root for the navigation.

Move navigation related view code to new module kotti.views.navigation.
Deprecate imports from the old locations.

Remove some code that has been deprecated in 0.6 or 0.7.

A view assigned to a slot can access the slot name where its rendered.

Add missing transaction.commit() in kotti-reset-workflow.

Fix bug in kotti.views.util.render_view where local roles weren’t
respected correctly.

Add helper method kotti.message.send_email for sending general
emails. These emails must follow a particular structure. Look at
kotti:templates/email-set-password.pt as an example.

0.9a2 - 2013-05-04

Fix #222: Use SQLAlchemy’s before_flush event for object events.

We were using the wrong events previously. The problem with
before_insert, before_update, and before_delete was that event
handlers could not reliably call Session.add, Session.delete,
and change mapped relationships. But only SQLAlchemy 0.8 started
emitting a warning when that was done.

Also deprecated ObjectAfterDelete because I don’t think it’s useful.

Remove the html5shim from the master templates and use the fanstatic
package js.html5shiv instead.

A temporary fix for #187. Basically suppresses DetachedInstanceError.

Add kotti.events.subscribe decorator. See the also updated docs on that
topic / module for details.

0.9a1 - 2013-03-12

Fix ordering on how include_me functions are loaded. This puts
Kotti’s own and Kotti add-on search paths in front of
deform_bootstrap’s.

Add image thumbs with preview popovers to @@contents view.

Add drag’n’drop ordering support to @@contents view.

Add “toggle all” checkbox to @@contents view.

Add contents path bar to @@contents view.

0.8 - 2013-03-12

No changes.

0.8b2 - 2013-02-08

Add a fanstatic.Group ‘tagit’ and need() it in the defered widget. This is
needed to make the tags widget render correctly with a theme package enabled
until the defered widget is replaced by a widget class that declares its
requirements in the usual deform style.

0.8b1 - 2012-12-30

0.8a2 - 2012-12-15

Remove test related dependencies on requirements.txt.
So now we need to run python setup.py dev to get testing
dependencies.

Update packages versions on requirements.txt for latest working
versions.

Added a tags display in views for documents, files, folders, and images,
where they show up as a horizontal list between description and body.

Modified general search to include simple tags searching. The default
search in Kotti works on a simple search term matching basis. Tags
searching is added here in a simple fashion also, such that you can only
search for one tag at a time, but partial matches work: searching for ‘foo’
finds content tagged ‘foo bar’. You can also search on single tags by
clicking an individual tag in the tags display of an item. More
sophisticated tags searching, just as for general search, is left to
dedicated add-ons.

0.8a1 - 2012-11-13

Make language-dependent URL normalization the default. (How to do
this used to be a cookbook entry.)

Cleanup node edit actions and use decorated view classes.

Add contents view with actions for multiple items.

Add children_with_permission method to ContainerMixin.

Add UI for default_view selection.

Deprecate ‘kotti.views.edit.generic_add’ and ‘generic_edit’. Just
use class-based forms instead.

0.7.2 - 2012-10-02

Added IFile and IImage interfaces to allow for file and image
subclasses to reuse the same view (registrations).

0.7.1 - 2012-08-30

Add deletion of users to the users management.

Fix tag support for files and images.

Upgrade to Twitter Bootstrap 2.1

remove lots of CSS that is no longer needed

fix responsive layout that was broken on some phone size
screen resolutions

Add “Site Setup” submenu / remove @@setup view.

0.7 - 2012-08-16

Fix critical issue with migrations where version number would not be
persisted in the Alembic versions table.

0.7rc1 - 2012-08-14

No changes.

0.7a6 - 2012-08-07

Fix a bug with connections in the migration script. This would
previously cause Postgres to deadlock when calling
kotti-migrate.

0.7a5 - 2012-08-07

Add workflow support based on repoze.workflow. A simple
workflow is included in workflow.zcml and is active by default.
Use kotti.use_workflow = 0 to deactivate. The workflow support
adds a drop-down that allows users with state_change permission
to modify the workflow state.

Change the default layout

Kotti’s new default look is now even closer to the Bootstrap
documentation, with the main nav bar at the very top and the
edit bar right below.

Upgrade note: if you have a customized main_template and want to
use the recent changes in that template, you need to swap
positions of nav.pt and editor-bar.ptapi.render_template
calls and remove the search.pt call from the main_template
(it’s now called from within nav.pt).
Everything else is completely optional.

Add migrations via Alembic. A new script kotti-migrate helps
with managing database upgrades of Kotti and Kotti add-ons. Run
kotti-migrate <your.ini> upgrade to upgrade the Kotti database
to the latest version.

Add-on authors should see the kotti.migrate module’s docstring
for more details.

Make Document.body searchable (and therefore the search feature
actually useful for the first time).

Add a “minify” command to compress CSS and JS resources.

To use it run:

python setup.py dev
python setup.py minify

The minify command assumes, that all resources are in
kotti/static/. YUI compressor is used for compression
and will be automatically installed when running
python setup.py dev. However, you still need a JVM on
your development machine to be able to use the minify
command.

Fix settings: only values for kotti* keys should be converted to
unicode strings.

Fix #89: Validate email address for uniqueness when user changes it.

Fix #91: Styling of search box.

Fix #104: Make fanstatic resources completely overridable.

Enabled deferred loading on File.data column.

Migrations

Upgrading from 0.6 to 0.7 requires you to run a migration script on
your database. To run the migration, call:

$ bin/kotti-migrate <myconfig.ini> upgrade

Make sure you backup your database before running the migration!

Upgrading to 0.7 will initialize workfow state and permissions for
all your content objects, unless you’ve overwritten
kotti-use_workflow to not use a workflow (use 0) or a custom
one.

It is important that sites that have custom permissions,
e.g. custom modifications to SITE_ACL, turn off workflow support
prior to running the upgrade script.

0.7a4 - 2012-06-25

Add minified versions JS/CSS files.

Fix #88: logging in with email.

Update translations.

0.7a3 - 2012-06-15

Include kotti.tinymce which adds plug-ins for image and file
upload and content linking to the TinyMCE rich text editor.

Slot renderers have been replaced by normal views (or viewlets).
kotti.views.slots.register has been deprecated in favour of
kotti.views.slots.assign_slot, which works similarly, but takes
a view name of a registered view instead of a function for
registration.

Switch to fanstatic for static resource management.

Upgrade note: This requires changes to existing *.ini application
configuration files. Concretely, you’ll need to add a
filter:fanstatic section and a pipeline:main section and
rename an existing app:main section to app:Kotti or the
like. Take a look at Kotti’s own development.ini for an
example.

Retire the undocumented kotti.resources.Setting class and table.
kotti.get_settings will now return registry.settings
straight, without looking for persistent overrides in the database.

Drop support for Pyramid<1.3, since we use
pyramid.response.FileResponse, and kotti_tinymce uses
pyramid.view.view_defaults.

Fix encoding error with non-ascii passwords.

0.7a2 - 2012-06-07

Do not allow inactive users to reset their password.

0.7a1 - 2012-06-01

Features

Add a new ‘Image’ content type and image scaling, originally from
the kotti_image_gallery add-on. See kotti.image_scales.*
settings.

Add search and related setting kotti.search_content.

Add subscriber to set cache headers based on caching rules. See
also related setting kotti.caching_policy_chooser.

Remove TinyMCE from the core.

Move email templates into page templates in
kotti:templates/email-set-password.pt and
kotti:templates/email-reset-password.pt. This is to make them
easier to translate and customize. This deprecates
kotti.message.send_set_password.

Add a ‘edit_inhead’ slot for stuff that goes into the edit
interface’s head. ‘inhead’ is no longer be used in
‘edit/master.pt’.

Setting ‘Node.__acl__’ to the empty list will now persist the empty
list instead of setting ‘None’.

Let ‘pyramid_deform’ take care of configuring deform with
translation dirs and search paths.

0.6.0 - 2012-03-22

Add Japanese translation.

Enforce lowercase user names and email with registration and login.

Moved SQLAlchemy related stuff from kotti.util into kotti.sqla.

You can also append to ‘Node.__acl__’ now in addition to setting the
attribute.

0.6.0b3 - 2012-03-17

Have the automatic __tablename__ and polymorphic_identity
for CamelCase class names use underscores, so a class
‘MyFancyDocument’ gets a table name of ‘my_fancy_documents’ and a
type of ‘my_fancy_document’.

0.6.0b2 - 2012-03-16

Make the ‘item_type’ attribute of AddForm optional. Fixes #41.

kotti.util.title_to_name will now return a name with a maximum
length of 40. Fixes #31.

0.6.0b1 - 2012-03-15

Use declarative style instead of class mapper for SQLAlchemy resources.

0.5.2 - 2012-03-10

A new ‘Actions’ menu makes copy, paste, delete and rename of items
more accessible.

Add German translation.

Populators no longer need to call transaction.commit()
themselves.

0.5.1 - 2012-02-27

Internationalize user interface. Add Portuguese as the first
translation.

A new ‘Add’ menu in the editor toolbar allows for a more intuitive
adding of items in the CMS.

Refine Node.copy. No longer copy over local roles per default.

0.5.0 - 2012-02-15

Move Kotti’s default user interface to use Twitter Bootstrap 2.

Add a new ‘File’ content type.

Add CSRF protection to some forms.

Remove Kotti’s FormController in favor of using pyramid_deform.

Use plone.i18n to normalize titles to URL parts.

Add a separate navigation screen that replaces the former
intelligent breadcrumbs menu.

Use pyramid_beaker as the default session factory.

Make kotti.messages.send_set_password a bit more flexible.

0.4.5 - 2012-01-19

Add ‘kotti.security.has_permission’ which may be used instead of
‘pyramid.security.has_permission’.

The difference is that Kotti’s version will set the “authorization
context” to be the context that you pass to ‘has_permission’. The
effect is that ‘list_groups’ will return a more correct list of
local roles, i.e. the groups in the given context instead of
‘request.context’.

Add a template (‘forbidden.pt’) for when user is logged in but still
getting HTTPForbidden.

0.4.4 - 2012-01-05

The “Forbidden View” will no longer redirect clients that don’t
accept ‘text/html’ to the login form.

Fix bug with ‘kotti.site_title’ setting.

0.4.3 - 2011-12-22

Add ‘kotti.root_factory’ setting which allows the override Kotti’s
default Pyramid root factory. Also, make master templates more
robust so that a minimal root with ‘__parent__’ and ‘__name__’ can
be rendered.

The ‘kotti.tests’ was factored out. Tests should now import from
‘kotti.testing’.

0.4.2 - 2011-12-20

More convenient overrides for add-on packages by better use of
‘config.commit()’.

0.4.1 - 2011-12-20

0.4.0 - 2011-12-14

Remove configuration variables ‘kotti.templates.*’ in favour of
‘kotti.asset_overrides’, which uses Pyramid asset specs and their
overrides.

Remove ‘TemplateAPI.__getitem__’ and instead add ‘TemplateAPI.macro’
which has a similar but less ‘special’ API.

Factor snippets in ‘kotti/templates/snippets.pt’ out into their own
templates. Use ‘api.render_template’ to render them instead of
macros.

0.3.1 - 2011-12-09

Add ‘keys’ method to mutation dicts (see 0.3.0).

0.3.0 - 2011-11-30

Replace Node.__annotations__ in favor of an extended Node.annotations.

Node.annotations will attempt to not only recognize changes to
subobjects of type dict, it will also handle list objects
transparently. That is, changing arbitrary JSON structures should
just work with regard to calling node.annotations.changed() when
the structure was changed.

0.2.10 - 2011-11-22

‘api.format_datetime’ now also accepts a timestamp in addition to datetime.

0.2.7 - 2011-11-20

Fix #11 where ‘python setup.py test’ would look into a hard-coded
‘bin’ directory.

Structural analysis documentation. (Unfinished; in ‘analysis’ directory
during development. Will be moved to main docs when finished.)

0.2.6 - 2011-11-17

Add Node.__annotations__ convenience attribute.

Node.__annotations__ will wrap the annotations dict in such a way
that both item and attribute access are possible. It’ll also record
changes to dicts inside dicts and mark the parent __annotations__
attribute as dirty.

Add a welcome page.

Delete the demo added in version 0.2.4.

0.2.5 - 2011-11-14

Add ‘TemplateAPI.render_template’; allow templates to be rendered
conveniently from templates.

0.2a1 - 2011-08-29

This change is backward incompatible in that existing content types
in your code will need to subclass Content instead of Node.
The example in the docs has been updated. Also, the underlying
database schema has changed.